Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for connected vehicle sequence anomaly detection, comprising: creating a normal sequence profile for a group of connected vehicles based on a first data set including a plurality of first messages, the group including at least one connected vehicle, each message indicating communications data related to the group of connected vehicles, wherein the normal sequence profile is created by training a normal behavior model using unsupervised machine learning with respect to a plurality of potential sequences, the normal sequence profile defining a plurality of normal sequences and a plurality of triggers, wherein each of the plurality of normal sequences is associated with a timeframe, wherein each sequence is a series including a plurality of condition combinations; preprocessing a second data set, wherein preprocessing the second data set further comprises generating a plurality of second messages in a unified format; identifying at least one instance of one of the plurality of triggers in the plurality of second messages; and detecting at least one abnormal sequence based on the identified at least one instance and the normal sequence profile, wherein each of the at least one abnormal sequence is detected when none of the plurality of normal sequences is identified in the second data set with respect to the at least one instance and each associated timeframe; and removing the plurality of second messages from a database.
This invention relates to anomaly detection in connected vehicle networks, addressing the challenge of identifying abnormal communication sequences that may indicate security threats or system malfunctions. The method involves creating a normal sequence profile for a group of connected vehicles by analyzing a first dataset of communication messages. These messages contain data related to the group, such as vehicle-to-vehicle or vehicle-to-infrastructure interactions. A normal behavior model is trained using unsupervised machine learning to establish a baseline of expected communication patterns, defining normal sequences and associated triggers. Each normal sequence consists of condition combinations that occur within specific timeframes. A second dataset of messages is preprocessed into a unified format, and the system scans for instances of the predefined triggers. If a trigger is detected but no corresponding normal sequence follows within the expected timeframe, the system flags the sequence as abnormal. This indicates a deviation from expected behavior, which may signal an attack or system error. After analysis, the second dataset is removed from the database to prevent redundant processing. The approach leverages machine learning to dynamically adapt to normal communication patterns while efficiently identifying anomalies in real-time vehicle networks.
2. The method of claim 1 , wherein each of the plurality of second messages is an abstracted message including only data that is relevant to sequence analysis.
3. The method of claim 1 , wherein each condition combination includes at least two conditions having a correlation in the plurality of first messages above a threshold.
4. The method of claim 1 , wherein creating the normal sequence profile further comprises: iteratively refining the normal behavior model until at most a threshold proportion of abnormal sequences is identified when applying the normal behavior model to the plurality of first messages.
5. The method of claim 1 , wherein each timeframe is any of: a window of time prior to occurrence of a respective trigger, and a delay time after occurrence of a respective trigger.
6. The method of claim 1 , wherein each sequence is associated with at least one channel among at least two sources of connected vehicle communications data, further comprising: identifying a plurality of sequences in the second data set, wherein detecting the at least one abnormal sequence further comprises comparing each sequence identified in the second data set with at least one normal sequence of the plurality of normal sequences associated with the same channel.
7. The method of claim 1 , wherein each trigger is any of: a time-based trigger, and a condition-based trigger.
A system and method for automated task execution involves a trigger mechanism that initiates predefined actions based on specific events or conditions. The system monitors for predefined triggers, which can be either time-based or condition-based. Time-based triggers activate tasks at scheduled intervals or specific times, while condition-based triggers respond to changes in system states, external inputs, or other dynamic conditions. When a trigger is detected, the system executes a corresponding action, such as sending a notification, updating a database, or initiating a process. The method ensures tasks are performed automatically without manual intervention, improving efficiency and reliability in environments where timely execution is critical. The system may be applied in various domains, including scheduling, monitoring, and automation workflows, where responsiveness to time or state changes is essential. The use of both time-based and condition-based triggers provides flexibility in defining when and how tasks should be executed, adapting to different operational requirements.
8. The method of claim 1 , wherein each of the plurality of normal sequences is further associated with a required order for the sequence, further comprising: identifying a plurality of sequences in the second data set, wherein an abnormal sequence is detected when an order of one of the plurality of sequences identified in the second data set does not match the required order of any of the plurality of normal sequences.
9. The method of claim 1 , wherein the plurality of second messages is removed from the database when the at least one abnormal sequence has been detected.
10. A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising: creating a normal sequence profile for a group of connected vehicles based on a first data set including a plurality of first messages, the group including at least one connected vehicle, each message indicating communications data related to the group of connected vehicles, wherein the normal sequence profile is created by training a normal behavior model using unsupervised machine learning with respect to a plurality of potential sequences, the normal sequence profile defining a plurality of normal sequences and a plurality of triggers, wherein each of the plurality of normal sequences is associated with a timeframe, wherein each sequence is a series including a plurality of condition combinations; preprocessing a second data set, wherein preprocessing the second data set further comprises generating a plurality of second messages in a unified format; identifying at least one instance of one of the plurality of triggers in the plurality of second messages; detecting at least one abnormal sequence based on the identified at least one instance and the normal sequence profile, wherein each of the at least one abnormal sequence is detected when none of the plurality of normal sequences is identified in the second data set with respect to the at least one instance and each associated timeframe; and removing the plurality of second messages from a database.
11. A system for connected vehicle sequence anomaly detection, comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: create a normal sequence profile for a group of connected vehicles based on a first data set including a plurality of first messages, the group including at least one connected vehicle, each message indicating communications data related to the group of connected vehicles, wherein the normal sequence profile is created by training a normal behavior model using unsupervised machine learning with respect to a plurality of potential sequences, the normal sequence profile defining a plurality of normal sequences and a plurality of triggers, wherein each of the plurality of normal sequences is associated with a timeframe, wherein each sequence is a series including a plurality of condition combinations; preprocess a second data set, wherein preprocessing the second data set further comprises generating a plurality of second messages in a unified format; identify at least one instance of one of the plurality of triggers in the plurality of second messages; detect at least one abnormal sequence based on the identified at least one instance and the normal sequence profile, wherein each of the at least one abnormal sequence is detected when none of the plurality of normal sequences is identified in the second data set with respect to the at least one instance and each associated timeframe; and remove the plurality of second messages from a database.
12. The system of claim 11 , wherein each of the plurality of second messages is an abstracted message including only data that is relevant to sequence analysis.
13. The system of claim 11 , wherein each condition combination includes at least two conditions having a correlation in the plurality of first messages above a threshold.
The invention relates to a system for analyzing message data to identify meaningful patterns or correlations. The system processes a plurality of first messages to extract conditions, where each condition represents a specific attribute or characteristic of the messages. The system then generates condition combinations by grouping these conditions, where each combination includes at least two conditions that exhibit a correlation above a predefined threshold. This correlation is determined based on the frequency or co-occurrence of the conditions within the first messages. The system may also compare these condition combinations to a plurality of second messages to identify matches or deviations, enabling applications such as anomaly detection, trend analysis, or predictive modeling. The system can be used in fields like cybersecurity, customer behavior analysis, or network monitoring, where identifying correlated patterns in message data is critical for decision-making. The invention improves upon prior systems by focusing on condition combinations with statistically significant correlations, reducing noise and improving the relevance of the extracted insights.
14. The system of claim 11 , wherein the system is further configured to: iteratively refine the normal behavior model until at most a threshold proportion of abnormal sequences is identified when applying the normal behavior model to the plurality of first messages.
15. The system of claim 11 , wherein each timeframe is any of: a window of time prior to occurrence of a respective trigger, and a delay time after occurrence of a respective trigger.
16. The system of claim 11 , wherein each sequence is associated with at least one channel among at least two sources of connected vehicle communications data, wherein the system is further configured to: identify a plurality of sequences in the second data set, wherein detecting the at least one abnormal sequence further comprises comparing each sequence identified in the second data set with at least one normal sequence of the plurality of normal sequences associated with the same channel.
17. The system of claim 11 , wherein each trigger is any of: a time-based trigger, and a condition-based trigger.
18. The system of claim 11 , wherein each of the plurality of normal sequences is further associated with a required order for the sequence, wherein the system is further configured to: identify a plurality of sequences in the second data set, wherein an abnormal sequence is detected when an order of one of the plurality of sequences identified in the second data set does not match the required order of any of the plurality of normal sequences.
19. The system of claim 11 , wherein the plurality of second messages is removed from the database when the at least one abnormal sequence has been detected.
Unknown
March 2, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.